Legality of Automated Outreach for SEO2 years ago

Today on Twitter I had a series of interesting conversations about the legality of outreach, automated prospecting and bulk email harvesting. What I found the most interesting was the widely diverse and opposing views on the legality of link building tactics. I found this a bit concerning.

Disclaimer: Before I continue, the standard disclaimer that I’m not a lawyer. I didn’t talk to a lawyer and I’m in no way qualified to give legal advice. I’m just sharing what I’ve read.

The other disclaimer: I’m not criticizing any particular link building tactics. I support methodologies that allow link building to be more effective. However, I think it’s worth knowing the legalities behind these methodologies so that independent SEOs, agencies, in-house and companies who hire agencies are protected. This isn’t an anti-spam post, it’s an anti-going-to-jail-and-being-charged-fines-I-don’t-want-to-pay post.

General definition of spam: Sending email that is unsolicited and sent in bulk.

Legalities of Email Spam

The legalities of email spam are outlined in the CAN-SPAM Act. I won’t repeat it all here, but you should go read.

Additional notes to not ignore:

  • You must honor opt-out requests – I’m not sure how this works for a 3rd party agency who uses shared contacts for multiple client’s sites. If someone requests for you to no longer email, I’m not sure if this applies to the agency, the company or both.
  • All parties are responsible – You can’t contract away your liability. If your agency spams on your behalf, your company may still be held liable.

Is Harvesting Legal?

Harvesting emails is the act of using automated methods to capture email addresses in mass, usually for use in bulk emails.

The exact legality of harvesting seems unclear, but it is not fully legal. In fact, harvesting  makes spamming an aggravated violation.

Under the CAN-SPAM Act, one who initiates the transmission of an email message that violates the Act may be subject to triple damages if the violative email is sent to an email address that he or she knows was harvested. 15 U.S.C. §§ 7706(f)(3)(C) and (g)(3)(C). – Source: ftc.gov

Since I’m not an email expert, I went looking for people who are and found this post on ExactTarget about email harvesting and found this passage (emphasis mine).

According to the folks at Project Honey Pot, harvesting is illegal under CAN-SPAM. “The law defines every message sent to a harvested address as “spam” and imposes potential liability on the sender. This is regardless of whether the sender complies with the law’s other requirements. In other words, including an opt-out link and following the Act’s notice regulations is not enough to spare bulk mailers sending to harvested addresses from liability.”

The post goes on to state (emphasis mine):

Not everybody agrees that this interpretation of how harvesting is handled under CAN-SPAM is correct.

Looking at the wording on the FTC compliance guide, it may be that harvesting is not illegal, but if you use the output of that harvest to engage in email practices that violate the CAN-SPAM act, that you’re increasing your violation. This could result in heavier fines and imprisonment.

Looking at what other potential experts might have to say, I checked out Quora, where lawyer Glenn Manishin left this comment (emphasis mine).

Both, if what you refer to is harvesting itself.  I do not recall there is a statutory or FTC prohibition on “soliciting” harvested email addresses or address lists; the law makes harvesting, or emailing to harvested addressees, unlawful

So it looks like there is no 100% agreement if it’s illegal or simply an increased violation of another illegal act.

What to Do

  1. If you use harvesting, automated methods and bulk emailing you might consider legal counsel to make sure you’re in compliance with the law.
  2. Create policies and methodologies that completely avoid crossing into the potential vague area of this law.
  3. If you’re using a 3rd party agency, it’s worth asking them about #1 and #2.

Russ Jones, CTO of Virante, stated on Twitter today that this is how his company safeguards against a potential violation:

“We follow a strict 1 email at a time, real person sends the email policy. Never send bulk.”

This is the same method I use when doing outreach. I’ll use tools, templates, hacks and apps to improve my efficiency, but at the end of the day I’m viewing every contact page and pressing send on every email that goes out.

If you have any thoughts or experience on the legality of email harvesting, I’d love to hear them in the comments below.